Lucene search
+L

7044 matches found

PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths

SummaryAlice exposes a Python SDK ProxyShare with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to urllib.parse.urljoin, which replaces Alice's configured target host with Bob's host and returns the server-side response t...

9.9CVSS6AI score0.00061EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Compromise of PyTorch Lightning PyPi Package Versions

Security Advisory: Compromise of PyTorch Lightning PyPI Package Versions Published: 2026-04-30 Last Updated: 2026-05-12 Github Advisory: CVE-2026-44484We have identified a security incident affecting certain versions of one of our PyPI packages. What happenedWe have determined that one or more...

9.8CVSS6AI score0.00392EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

EPyT-Flow vulnerable to unsafe JSON deserialization (__type__)

ImpactEPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer myloadfromjson that supports a type field. When type is present, the deserializer dynamically imports an attacker-specified module/class and instantiates it with attacker-supplied arguments. This...

10CVSS6AI score0.00657EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.6 views

imgaug contains an insecure deserialization vulnerability in BackgroundAugmenter class within multicore.py module

The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the augmentimagesworker method without any safety...

9.8CVSS6.7AI score0.00472EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism

Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the postinstall...

9.8CVSS6.4AI score0.00635EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Langflow Knowledge Bases API is Vulnerable to Path Traversal

SummaryLangflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit this...

9.6CVSS6.1AI score0.04417EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Open WebUI has an LDAP Empty Password Authentication Bypass

LDAP Empty Password Authentication Bypass Affected Component LDAP authentication endpoint:- backend/openwebui/routers/auths.py lines 468-477, user bind with empty password- backend/openwebui/models/auths.py lines 58-60, LdapForm model Affected VersionsCurrent main branch commit 6fdd19bf1 and like...

9.1CVSS7.4AI score0.01461EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...

9.6CVSS7.5AI score0.00371EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

misp-modules website - Missing CSRF protection in the website home blueprint

A Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of sessi...

9.3CVSS5.9AI score0.00185EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.6 views

SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability

SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints...

9.1CVSS6.1AI score0.00386EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API

SummaryA SQL injection vulnerability in the Oracle path of FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. Attacker-controlled filter keys and values are interpolated...

9.9CVSS6.5AI score0.00281EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

Codechecker has an authentication bypass for certain API calls

SummaryAuthentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker. DetailsThe following functions are affected under the Authentication endpoint: getAuthorisedNames,...

10CVSS6.2AI score0.00447EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)

Summaryexecutecode in praisonaiagents/tools/pythontools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command execution...

9.9CVSS6.6AI score0.0012EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.6 views

PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)

Summaryexecutecode in praisonaiagents/tools/pythontools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command execution...

9.9CVSS6.6AI score0.0012EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

FireFighter has unauthenticated SSRF in its Raid jira_bot endpoint that allows IAM credential theft

Impact The POST /api/v2/firefighter/raid/jirabot endpoint CreateJiraBotView is reachable without authentication permissionclasses = permissions.AllowAny. Its attachments payload is fetched server-side via httpx.get with no URL validation, then uploaded as an attachment on the Jira ticket that get...

9.9CVSS6.2AI score0.00272EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default

SummaryCVE-2026-44338 GHSA-6rmh-7xcm-cpxj documents that PraisonAI ships a code-generator praisonai.deploy.api.generateapiservercode that emits a Flask API server with authentication disabled by default. Users who follow the documented quickstart praisonai deploy --type api get a server that:-...

9.8CVSS7.4AI score0.26799EPSS
Exploits3References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.6 views

ChromaDB Python project has a pre-authentication code injection vulnerability

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...

10CVSS7.5AI score0.12387EPSS
Exploits2References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection

SummaryPraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a path or filename string from MCP tools/call arguments and join...

9.6CVSS6.6AI score0.00619EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.8 views

Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

9.8CVSS6.4AI score0.00687EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

SGLang: Unauthenticated RCE via --enable-custom-logit-processor

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

9.8CVSS6.6AI score0.00585EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

llm CLI tool contains a code injection vulnerability via `--functions` command-line argument

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.5AI score0.00327EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

The /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE.When PUBLICADDVIEW=True commo...

9.8CVSS6.6AI score0.00404EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.6 views

mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS6.2AI score0.00409EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API

SummaryA SQL injection vulnerability in FilterEngine.createpostgresquery allows any authenticated Rucio user to execute arbitrary SQL against the configured PostgreSQL metadata database through the DID search endpoint GET /dids//dids/search. When the external metadata plugin postgresmeta is...

9.9CVSS7AI score0.00301EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol

SummaryThe substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix or powershell.exe -Command Windows, allowing an attacker to...

10CVSS6.2AI score0.00272EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset

SummaryPraisonAI's call server exposes a network-facing agent control API without authentication when CALLSERVERTOKEN is not configured.The affected component is the praisonai.api.agentinvoke router as mounted by praisonai.api.call. The authentication helper verifytoken fails open when...

9.8CVSS5.9AI score0.00075EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Ludwig framework is vulnerable to insecure deserialization through its predict() method.

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 through its predict method. When a user provides a dataset file path to the predict method, the framework automatically determines the file format. If the file is a pickle .pkl file, it is loaded using...

9.8CVSS6.6AI score0.006EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

9.8CVSS6.2AI score0.0081EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation

SummaryThe Platform server exposes resources under /api/v1/workspaces/workspaceid/... and protects them with a requireworkspacememberworkspaceid FastAPI dependency. The dependency only checks that the caller is a member of the workspaceid in the URL prefix. The route handlers then look up the inn...

9.4CVSS5.9AI score0.00043EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket

SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads on incoming messages, enabling RCE when exposed to the internet...

9.8CVSS6AI score0.00399EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

Langroid has Prompt to SQL Injection, Leading to RCE

Security Vulnerability Report: Prompt to SQL Injection leading to RCE in latest Langroid Affected Scopelangroid 0.63.0 Vulnerability Description SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges...

9.8CVSS6.9AI score0.00409EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

PySyft server-side arbitrary Python execution after code approval

PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...

9.8CVSS6.9AI score0.00631EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}

SummaryType: Vertical privilege escalation. The PATCH /workspaces/workspaceid/members/userid endpoint is gated by requireworkspacememberworkspaceid, which defaults to minrole="member" and is never overridden by the route. The handler then calls MemberService.updateroleworkspaceid, userid, body.ro...

9.6CVSS6AI score0.00032EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

django-s3file is vulnerable to relative path traversal

ImpactS3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random locations into request.FILESDepending on how files are handled, this may lead to...

9.9CVSS6AI score0.00564EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

Ludwig framework is vulnerable to insecure deserialization in its model serving component

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weightsonly=True...

9.8CVSS6.6AI score0.00497EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

dash-uploader has a directory traversal vulnerability

ImpactAn unauthenticated path traversal vulnerability exists in dash-uploader versions 0.1.0 through 0.7.0a2. The library's HTTP request handler at dashuploader/httprequesthandler.py reads three form parameters uploadid, resumableFilename, resumableIdentifier from request.form.get and passes them...

9.8CVSS7.5AI score0.05982EPSS
Exploits4References9Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

PraisonAI Has Path Traversal in FileTools

Executive Summary:The path validation has a critical logic bug: it checks for .. AFTER normpath has already collapsed all .. sequences. This makes the check completely useless and allows trivial path traversal to any file on the system.The path validation function also does not resolve the symlin...

9.2CVSS6.1AI score0.00416EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

wger: cross-tenant password reset and plaintext disclosure via gym=None bypass

SummaryThe resetuserpassword and gympermissionsuseredit views in wger perform a gym-scope authorization check using Python object comparison != that evaluates None != None as False, silently bypassing the guard when both the attacker and victim have no gym assignment gym=None. A user with...

9.9CVSS6.2AI score0.00371EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.6 views

praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset

SummaryType: Insecure default cryptographic key. The JWT signing secret defaults to the hardcoded literal "dev-secret-change-me" when PLATFORMJWTSECRET is unset. A safety check exists but only fires when PLATFORMENV != "dev"; the default value of PLATFORMENV is "dev", so the check is silently...

9.8CVSS6.1AI score0.00054EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode)

Summaryexecutecode in praisonaiagents.tools.pythontools defaults tosandboxmode="sandbox", which runs user code in a subprocess wrapped with arestricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper blockedattrs, line 143 ofpythontools.py contai...

9.9CVSS6.6AI score0.00541EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

mlflow: FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization

In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/ are not protected by authentication or authorization when the basic-auth app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled MLFLOWSERVERENABLEJOBEXECUTION=true and any j...

9.8CVSS7.8AI score0.04392EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.9 views

Open Source Kubectl MCP Server vulnerable to arbitrary code execution via user interaction with crafted HTML page

An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page...

9.8CVSS6.4AI score0.00578EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code

Summaryexecutecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary OS command execution on the host. Detailspythontools.py:20...

10CVSS6.2AI score0.00707EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection

Summaryamazon-redshift-python-driver is the official Python connector for Amazon Redshift. In versions 2.1.13 and earlier, the driver insufficiently validates data received from the server during query result processing. A rogue server or man-in-the-middle could leverage this to execute arbitrary...

9.8CVSS6.7AI score0.00808EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.12 views

BoxLite: Permission Bypass Allows Modification of Read-Only Files

SummaryBoxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code.One of the core security features claimed by Boxlite is the ability to mount host directories in read-only mode readonly=True into the VM...

10CVSS6.2AI score0.00289EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host

SummaryBoxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for...

9.6CVSS6.7AI score0.00482EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

PraisonAI Vulnerable Untrusted Remote Template Code Execution

PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates.--- DescriptionWhen a user installs a template from a remote source e.g., GitHub, PraisonA...

9.6CVSS6.4AI score0.00304EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

OpenViking: Unauthenticated remote bot control via OpenAPI HTTP routes

OpenViking prior to commitc7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...

9.1CVSS6AI score0.00571EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules.Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS6.2AI score0.00455EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.6 views

PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution

SummaryThe first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain:1. The example exposes an A2A server without configuring authtoken.2. The same example binds the server to 0.0.0.0.3. The example registers a calculateexpression tool implemente...

9.8CVSS6.7AI score0.00084EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities7044